Privacy & Cookies

1.1 This policy explains how Berling Atelier AB (“Berling”, “we”, “us”) collects, uses, shares, and protects personal data when you visit our site or purchase from us.

1.2 Controller: Berling Atelier AB, Storgatan 44, 972 31 Luleå, Sweden. Contact: info@berling.co.

1.3 This policy complements our Terms & Conditions. If anything here conflicts with mandatory law, the law prevails.

2.1 Identity & Contact: name, addresses, email, phone.

2.2 Order & Payment: items, totals, currency, transaction/result codes (we do not store full card numbers/CVV).

2.3 Delivery: recipient details, tracking, delivery preferences.

2.4 Technical & Usage: device, browser, IP, cookies/pixels, pages viewed, interactions.

2.5 Communications & Preferences: customer-care messages, marketing consents, cookie choices.

2.6 Account (optional): login identifier, order history, saved details.

2.7 SMS Program Data: mobile number, opt-in status and timestamp, consent source and preferences, delivery status (sent/delivered), and interaction data (e.g., link clicks).

2.8 SMS Program Terms:

• SMS consent is voluntary and not required to make a purchase.
• By opting in, you may receive recurring automated text messages (promotional alerts such as limited releases, waitlists/back-in-stock; and, if you provided your number in connection with a purchase, service updates such as order notifications).
• Message frequency varies; message & data rates may apply.
• To opt out, reply STOP at any time. For help, reply HELP or email info@berling.co.
• Carriers are not responsible for delayed or undelivered messages.
• If you change your mobile number, you must re-subscribe with the new number.

3.1 Purchases & Delivery (contract, Art. 6(1)(b)): orders, payments, shipping, returns.

3.2 Customer Care & Fraud Prevention (contract/legitimate interests, Art. 6(1)(b)/(f)).

3.3 Legal & Compliance (legal obligation, Art. 6(1)(c)): bookkeeping, tax/VAT, consumer law.

3.4 Site Performance & Security (legitimate interests, Art. 6(1)(f)): load-balancing, logs, abuse prevention.

3.5 Analytics & Advertising (consent, Art. 6(1)(a)): audience measurement, personalisation, retargeting (only if you opt in via our banner).

3.6 Marketing Communications (consent; or soft opt-in where permitted by local law): product news/offers by email and, if you opt in, by SMS; you can opt out anytime.

3.7 SMS Abandoned Cart (consent, Art. 6(1)(a)): if you opt in to SMS, we may use cookies/plugins to detect an abandoned cart and send a one-off reminder by SMS. See §10.5.

3.8 Transactional SMS (contract, Art. 6(1)(b)): service messages without marketing (e.g., order or service-related updates) where you have provided your number in connection with a purchase or service request.

4.1 Payments run through PCI-compliant processors; card data is encrypted and handled by them. We never store full PAN/CVV.

4.2 Banks may require 3-D Secure verification.

5.1 Processors & partners (as relevant to your transaction):

• Payment services: Visa, Mastercard, American Express, Maestro, Apple Pay, Google Pay, PayPal, Bancontact, iDeal, Klarna (Pay Later / Pay Now / Slice It, where available)
• Logistics: DHL (express courier services)
• Email & SMS delivery providers (email/SMS sending and automation; may include processors outside the EEA with appropriate safeguards—see §6).

5.2 Authorities & Legal: where required by law or to enforce our terms.

5.3 Corporate Events: restructuring/transfer under confidentiality safeguards.

5.4 SMS opt-in data not shared: The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6.1 Some providers process data outside the EEA. We use lawful safeguards such as European Commission Standard Contractual Clauses and, where applicable, adequacy decisions.

6.2 Details of the relevant safeguards are available on request.

7.1 Orders & accounting: 7 years after the financial year end (bookkeeping rules).

7.2 Customer care: typically up to 36 months after resolution.

7.3 Marketing consents: until you withdraw consent or become inactive for a prolonged period.

7.4 Security logs: typically ≤12 months.

7.5 Cookies: per cookie’s lifetime (see §10) or until you withdraw consent/clear cookies.

7.6 SMS consent records: We retain SMS consent and opt-out records as required to demonstrate compliance and to honour your choices.

8.1 Rights include access, rectification, erasure, restriction, portability, objection (including to direct marketing), and withdrawal of consent (withdrawal doesn’t affect past lawful processing).

8.2 To exercise rights: email info@berling.co; we respond within one month (extendable for complex cases).

8.3 Complaints: you may contact Integritetsskyddsmyndigheten (IMY) or your local EEA authority.

9.1 Our services target adults and are not directed to children.

9.2 If children’s data is processed contrary to this intent, we will delete it and, where required, seek parental consent.

9.3 Where consent is the legal basis for information-society services in Sweden, a child from age 13 may consent; below 13 requires parental approval.

10.1 We use cookies/pixels to operate the site (strictly necessary), remember preferences, measure audiences, and—if you agree—serve personalised ads.

10.2 Consent: we only set non-essential cookies (analytics/ads) with prior consent. You can accept, reject, manage, and withdraw consent at any time via the banner or a persistent “Cookie preferences” link. Choices to accept or reject are presented with equal prominence.

10.3 Categories:

• Strictly necessary (always active): cart, checkout, login
• Functional: preferences such as language/region
• Analytics (consent): traffic and performance
• Advertising (consent): personalised ads/retargeting with partners

10.4 Browser settings can block cookies; note that some features require them.

10.5 SMS abandoned cart: Berling’s website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your cart. This information is used to determine when to send cart reminder messages via SMS.

10.6 Interest-based advertising and opt-outs

• 10.6.1 If you accept “Advertising” cookies (see §10.3), we and selected partners may use cookies and similar technologies to:
  (a) show you ads for Berling on third-party websites and platforms based on your visit to our site (sometimes called interest-based advertising or remarketing); and
  (b) measure the performance of our campaigns (for example, whether a purchase occurred after an ad click).
• 10.6.2 You can control or withdraw your consent at any time via our “Cookie preferences” link and by adjusting your browser settings (including clearing cookies).
• 10.6.3 You may also opt out of interest-based advertising through industry tools:
  United States and Canada (DAA WebChoices): https://optout.aboutads.info/
  Europe (EDAA / YourOnlineChoices): https://www.youronlinechoices.eu/
• 10.6.4 Opting out through these tools does not stop ads from being shown, but it may make the ads less relevant to you.
• 10.6.5 If you use a mobile device, you can also limit ad personalisation in your device settings (for example, by adjusting your advertising ID settings).

11.1 HTTPS/TLS in transit, hardened hosting, least-privilege access, vendor due diligence.

11.2 Monitoring for abuse/fraud and staff access controls.

12.1 We may update this policy; see Last updated below.

12.2 For material changes, we may show an on-site notice and/or email account holders.

Berling Atelier AB — Data Controller
Storgatan 44, 972 31 Luleå, Sweden
info@berling.co

14.1 Overview
Berling processes personal data lawfully, fairly, and transparently. We collect only the information necessary to provide our services, and we use it solely for the purposes described in this policy.

14.2 Collection
Personal data is collected when you interact with our website, place an order, subscribe to communications, or contact us. The categories of data are outlined in §2.

14.3 Use and Purpose
We use personal data to process and deliver orders, provide customer care, comply with legal obligations, and—where you consent—carry out analytics and marketing activities. Details are described in §3.

14.4 Storage and Security
Data is stored on secure servers with access limited to authorised personnel. We protect information using encryption in transit (HTTPS/TLS), hardened hosting, and internal access controls, as described in §11.

14.5 Sharing
We share data only with trusted processors and partners necessary to fulfil orders or deliver services, under data-processing agreements that ensure adequate protection (§5–§6). We never sell personal data.

14.6 Retention and Deletion
We keep data only as long as needed for the purposes described in §7, after which it is securely deleted or anonymised.

14.7 User Rights
You have the rights explained in §8, including access, correction, deletion, restriction, portability, and objection. To exercise these rights, contact info@berling.co.

14.8 Compliance
Berling complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws in the markets where we operate.